mahara-contributors team mailing list archive
-
mahara-contributors team
-
Mailing list archive
-
Message #02230
[Bug 684190] Re: https for login page does not work in IE properly if user denies displaying insecure content
The problem is related to the fact that wwwroot config parameter is
stored in the database, so we never enter the condition below (init.php)
if mahara was installed before https was enabled:
// Make sure wwwroot is set and available, either in the database or in the
// config file. Cron requires it for some purposes.
if (!isset($CFG->wwwroot) && isset($_SERVER['HTTP_HOST'])) {
$proto = (isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) != 'off') ? 'https://' : 'http://';
...
As the comment suggests, storing it in the database is required for
cron.
** Changed in: mahara
Assignee: (unassigned) => Ruslan Kabalin (ruslan-kabalin)
--
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
https://bugs.launchpad.net/bugs/684190
Title:
https for login page does not work in IE properly if user denies displaying insecure content
Status in Mahara ePortfolio:
Confirmed
Bug description:
The problem has been pointed out in the forum:
http://mahara.org/interaction/forum/topic.php?id=1458#post11309
I replicated it with IE{7,8}. The problem only happens if $cfg->httpswwwroot is defined (i.e. ssl security is used for login page only) and the password is entered incorrectly, so that the login page with https prefix and highlighted error field is being displayed.
When https is enabled to all content ($cfg->wwwroot = 'https://...') everything works fine.
References